Top Ten Virtualization Risks Hiding in Your Company
What are the management risks and problems hiding inside your virtualization effort? That's a question that David Lynch, VP of marketing for Embotics, tries to help IT groups answer. Embotics, part of CIO's recent list of 10 virtualization vendors to watch, provides what it calls VM lifecycle management. The company's V-Commander software (which integrates with VMware's VirtualCenter management suite) promises to help you track VMs from cradle to grave. The tool lets IT groups apply policies and automation to that tagging and tracking work.
Lynch recently shared with me a top 10 list that his staff uses when it meets with IT leaders to discuss common management risks and problems with virtualization. The list reflects actual problems that Embotics has found while helping multiple customers audit and secure virtualized server environments.I find this list thought-provoking, realistic and worth sharing. Check out the below questions and ask yourself: Could any of these problems be hiding in my virtualized environment?
As for how these problems arose in the first place, virtualization bubbled up from a few people in the server or application development group at many companies, instead of being planned top down from the CIO. Then virtualization spread quickly, and spread further into the production IT environment, because IT and business teams liked the results. As that spread continues, IT finds itself now having to step back and get more formal about managing virtualization, to avoid management complexity and security risks."Most of our customers have been very busy operationally," Lynch says, "now they are starting to have to deal with issues of control."
Now, on to Embotics' top 10 list of potential troublemakers lurking in virtualized environments:1. Rogue VMs
How tightly do you control who can create a virtual machine? It's a key security question. When you fire up inactive or suspicious VMs, you may find more than you expect. One Embotics customer fired up an offline VM to confirm what it was, and found a DHCP server which took down the production network, Lynch says.
2. Unpatched VMs
Remember, users can run VMs on their own PCs using downloadable software from VMware's website, for example. Audit all of your company's machines for such VMs and you may find what Embotics customers have, Lynch says: Unauthorized operating systems and a lack of security patches on those VMs.
3. VM Naming Messes
As you track all the VMs in your company, logical names will be helpful. But chances are, IT pros throughout your organization started naming VMs long before you realized how far virtualization would spread, long before anyone thought about imposing a naming system. Think about naming conventions now, Lynch advises.
4. Production Environment Border Problems
Most IT organizations run pre-production VMs (say for application development work, or
Previous Post: Cloud Computing: Watch Out IT, It's Raining JargonNext Post: Cloud Computing: Reality Check From Early Adopters
Most Discussed Posts
Cloud computing has emerged as one of the most significant game changers to hit the technology landscape in the past 20 years. With this massive expansion of the cloud, the perception of the IT organization is shifting from a utility player to a change agent. This eBook breaks down five ways progressive organizations are using cloud-based IT Management solutions to help drive innovation and become more strategic, including: adding visibility and analytics, speeding up time-to-value, lowering costs, improving prioritization, and providing a blueprint for future cloud deployments.
Read the white paper to see how IBM helped Citigroup deliver new services and enhancements to their 200 million customers faster.
There are 3 ways to modernize legacy applications: rewrite completely, acquire packaged solutions or migrate existing code. This paper explains why it's best to migrate and how IBM® Rational® software can help.
Accommodating specific lines of business can result in a hybrid ecosystem of applications and servers. The resulting complexity of this architecture makes for an environment that is costly to maintain and difficult to change when addressing new challenges.
This whitepaper will help you to define a mobile device passcode policy. Security managers must attempt to reconcile two opposing goals. They must: 1) create a passcode policy that is strong enough to protect the device if it is lost or stolen, while: 2) not annoying users with needless length or complexity.
This whitepaper, authored by The Radicati Group, looks at the key reasons organizations should consider moving to a cloud-based archiving solution. Email archiving solutions enable organizations to store, monitor, and collect electronic data exchanged by their users to comply with internal policies and regulations.
ATERNITY will showcase a 30-minute demo on how Fortune 500 companies are leveraging its award-winning FPI Platform to deliver a user-centric approach to Proactive IT Management.
For businesses to move forward and tap into the ever-expanding universe of Internet users and network-enabled devices, it's critical to learn how to make the transition to IPv6. Learn the critical steps your organization must take to make a seamless transition-and keep your business world connected.
Learn how IT teams can protect against spear phishing tactics. Harry Sverdlove, chief technology officer of Bit9 offers a frank discussion about spear phishing - the most common technique used in today's advanced attacks.
Learn how to build a solid business case for your migration to Red Hat Enterprise Linux so you can run leaner, innovate faster, be more flexible and own the New Now.
Social media isn't about you; it's about everything around you. As you consider how your customers want to communicate with you, social media is something that can't be ignored. But what should your strategy be? Is social media "just another channel?" What kind of a plan makes sense for your contact center and for your customers? Join our experts as they share their insight and research results.
Hardware tokens were a popular method of strong authentication in past years but the cumbersome provisioning and distribution tasks, high support requirements and replacement costs have limited their growth. The additional log-in steps that hardware tokens require and the resulting user frustrations have limited adoption and make them impractical for larger scale partner and customer applications.
Sponsored Links
